
Some can_edit_task logic

If a user was granted "modify_own_tasks", he couldn't even edit the tasks
he submitted, because the check was somehow mixed up with assignees
Psychokiller1888 committed Mar 5, 2015
1 parent 4d44b05 commit 9dfb3696c8f2c5ee975a1fd4c01f6692ba2ba4fa
Showing with 42 additions and 18 deletions.
  1. +29 −4 includes/class.user.php
  2. +9 −10 themes/CleanFS/templates/details.edit.tpl
  3. +4 −4 themes/CleanFS/templates/details.view.tpl
@@ -212,10 +212,11 @@ public function can_view_task($task)
public function can_edit_task($task)
{
return !$task['is_closed']
&& ($this->perms('modify_all_tasks', $task['project_id']) ||
($this->perms('modify_own_tasks', $task['project_id'])
&& in_array($this->id, Flyspray::GetAssignees($task['task_id']))));
return !$task['is_closed'] && (
$this->perms('modify_all_tasks', $task['project_id']) ||
($this->id == $task['opened_by'] && $this->perms('modify_own_tasks', $task['project_id'])) ||
in_array($this->id, Flyspray::GetAssignees($task['task_id']))
);
}
public function can_take_ownership($task)
@@ -237,6 +238,30 @@ public function can_close_task($task)
|| $this->perms('close_other_tasks', $task['project_id']);
}
public function can_set_task_parent($task)
{
return !$task['is_closed'] && (
$this->perms('modify_all_tasks', $task['project_id']) ||
in_array($this->id, Flyspray::GetAssignees($task['task_id']))
);
}
public function can_associate_task($task)
{
return !$task['is_closed'] && (
$this->perms('modify_all_tasks', $task['project_id']) ||
in_array($this->id, Flyspray::GetAssignees($task['task_id']))
);
}
public function can_add_task_dependency($task)
{
return !$task['is_closed'] && (
$this->perms('modify_all_tasks', $task['project_id']) ||
in_array($this->id, Flyspray::GetAssignees($task['task_id']))
);
}
//admin approve user registration
public function need_admin_approval()
{
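Review bot: The new `can_edit_task` expression lets any assignee edit a task with no permission check, because the `in_array($this->id, Flyspray::GetAssignees($task['task_id']))` branch now stands alone, whereas the replaced expression required `modify_own_tasks` together with assignment. If that widening is intended, it deserves a comment above the method; if not, gate the branch, e.g. `($this->perms('modify_own_tasks', $task['project_id']) && in_array($this->id, Flyspray::GetAssignees($task['task_id'])))`. The same ungated assignee branch is repeated in `can_set_task_parent`, `can_associate_task` and `can_add_task_dependency`, whose bodies are identical and could share one private helper so the rule is defined once. The opener test uses loose `==`; comparing both ids as integers with `===` would avoid surprises if either side can be empty or null, which is not visible here. `need_admin_approval` continues outside the hunk.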
@@ -22,12 +22,11 @@
<?php } else { ?>
<li style="display:none">
<?php } ?>
<label for="status"><?php echo Filters::noXSS(L('status')); ?></label>
<select id="status" name="item_status" <?php echo tpl_disableif(!$user->perms('modify_all_tasks')); ?>>
<?php echo tpl_options($proj->listTaskStatuses(), Req::val('item_status', ($user->perms('modify_all_tasks') ? STATUS_NEW : STATUS_UNCONFIRMED))); ?>


danoh Mar 27, 2015

Contributor

This also breaks task editing, because it loses the value stored in the database and sets the status to the first value in the select box every time.


<label for="status"><?php echo Filters::noXSS(L('status')); ?></label>
<select id="status" name="item_status">
<?php echo tpl_options($proj->listTaskStatuses(), Req::val('item_status', $task_details['item_status'])); ?>

</select>
</select>
</li>

<!-- Progress -->
@@ -37,7 +36,7 @@
<li style="display:none">
<?php } ?>
<label for="percent"><?php echo Filters::noXSS(L('percentcomplete')); ?></label>
<select id="percent" name="percent_complete">
<select id="percent" name="percent_complete" <?php echo tpl_disableif(!$user->perms('modify_all_tasks')) ?>>
<?php $arr = array(); for ($i = 0; $i<=100; $i+=10) $arr[$i] = $i.'%'; ?>
<?php echo tpl_options($arr, Req::val('percent_complete', $task_details['percent_complete'])); ?>

@@ -127,7 +126,7 @@
<li style="display:none">
<?php } ?>
<label for="priority"><?php echo Filters::noXSS(L('priority')); ?></label>
<select id="priority" name="task_priority">
<select id="priority" name="task_priority" <?php echo tpl_disableif(!$user->perms('modify_all_tasks')) ?>>
<?php echo tpl_options($fs->priorities, Req::val('task_priority', $task_details['task_priority'])); ?>

</select>
@@ -153,15 +152,15 @@
<li style="display:none">
<?php } ?>
<label for="dueversion"><?php echo Filters::noXSS(L('dueinversion')); ?></label>
<select id="dueversion" name="closedby_version">
<select id="dueversion" name="closedby_version" <?php echo tpl_disableif(!$user->perms('modify_all_tasks')) ?>>
<option value="0"><?php echo Filters::noXSS(L('undecided')); ?></option>
<?php echo tpl_options($proj->listVersions(false, 3), Req::val('closedby_version', $task_details['closedby_version'])); ?>

</select>
</li>

<!-- Due Date -->
<?php if (in_array('duedate', $fields)) { ?>
<?php if (in_array('duedate', $fields) && $user->perms('modify_all_tasks')) { ?>
<li>
<?php } else { ?>
<li style="display:none">
@@ -193,7 +192,7 @@
<?php echo Filters::noXSS(L('hours')); ?>
</li>
<?php }
<?php }
} ?>

<!-- If no currently selected project is not there, push it on there so don't have to change things -->
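Review bot: The `tpl_disableif(!$user->perms('modify_all_tasks'))` attributes on the `percent_complete`, `task_priority` and `closedby_version` selects, and the `display:none` list item for the due date, restrict these fields only in the rendered page; nothing here enforces the restriction on the server. The code that saves the edit is not among the three files in this commit, so it should be checked, and if needed changed, to ignore or reject these parameters when the user passes `can_edit_task` without `modify_all_tasks`. These calls also omit the project argument that `class.user.php` passes to `perms()`. If `perms()` falls back to the currently selected project, the check may be evaluated against a different project than the task's; `$user->perms('modify_all_tasks', $task_details['project_id'])` would make it explicit.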
@@ -95,7 +95,7 @@
</li>
<?php endif; ?>

<?php if ($user->can_edit_task($task_details)): ?>
<?php if ($user->can_set_task_parent($task_details)): ?>
<li><input type="checkbox" id="s_parent"><label for="s_parent"><?php echo Filters::noXSS(L('setparent')); ?></label>
<?php echo tpl_form(Filters::noXSS(CreateUrl('details', $task_details['task_id'])),null,null,null,'id="setparentform"'); ?>
<?php echo Filters::noXSS(L('parenttaskid')); ?>
@@ -106,7 +106,7 @@
</form>
</li>
<?php endif; ?>
<?php if ($user->can_edit_task($task_details)): ?>
<?php if ($user->can_associate_task($task_details)): ?>
<li><input type="checkbox" id="s_associate"><label for="s_associate"><?php echo Filters::noXSS(L('associatesubtask')); ?></label>
<?php echo tpl_form(Filters::noXSS(CreateUrl('details', $task_details['task_id'])),null,null,null,'id="associateform"'); ?>
<?php echo Filters::noXSS(L('associatetaskid')); ?>
@@ -120,7 +120,7 @@
<li>
<a href="<?php echo Filters::noXSS(CreateURL('depends', $task_details['task_id'])); ?>"><?php echo Filters::noXSS(L('depgraph')); ?></a>
</li>
<?php if ($user->can_edit_task($task_details)): ?>
<?php if ($user->can_add_task_dependency($task_details)): ?>
<li><input type="checkbox" id="s_adddependent"><label for="s_adddependent"><?php echo Filters::noXSS(L('adddependenttask')); ?></label>
<?php echo tpl_form(Filters::noXSS(CreateUrl('details', $task_details['task_id'])),null,null,null,'id="adddepform"'); ?>
<label for="dep_task_id"><?php echo Filters::noXSS(L('newdependency')); ?></label>
@@ -631,7 +631,7 @@ function quick_edit(elem, id)
<?php else: ?>
<?php echo eL('no'); ?>
<?php endif; ?>
<?php echo tpl_form(Filters::noXSS(CreateUrl('details', $task_details['task_id']))); ?>
<input type="hidden" name="ids" value="<?php echo Filters::noXSS($task_details['task_id']); ?>">
<input type="hidden" name="user_id" value="<?php echo Filters::noXSS($user->id); ?>">
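Review bot: Switching the three template guards from `can_edit_task` to `can_set_task_parent`, `can_associate_task` and `can_add_task_dependency` only decides whether the forms are rendered. The forms still post to the `details` URL, and no action handler is part of this commit. If the handlers for set-parent, associate-subtask and add-dependency still authorise with `can_edit_task` (not visible here), a task opener holding `modify_own_tasks` keeps the ability the template now hides, so those handlers should call the same new methods. Separately, the context lines of the last hunk post `user_id` as a hidden field filled from `$user->id`; the receiving code should take the acting user from the session rather than from that parameter.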
